rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app
History
Andras Bacsai dac940807a fix(deployment): properly escape shell arguments in nixpacks commands 
Add escapeShellValue() helper function to safely escape shell values by wrapping
them in single quotes and escaping embedded quotes. Use this function throughout
the nixpacks command building to prevent shell injection vulnerabilities when
passing user-provided build commands, start commands, and environment variables.

This fixes unsafe string concatenation that could allow command injection when
user input contains special shell characters like &&, |, ;, etc.
2026-03-23 21:55:46 +01:00
..
Actions fix(stripe): add error handling and resilience to subscription operations (#9030) 2026-03-18 15:38:59 +01:00
Console feat(monitoring): add Laravel Nightwatch monitoring support 2026-03-23 15:36:47 +01:00
Contracts
Data feat(proxy): add Traefik version tracking with notifications and dismissible UI warnings 2025-11-18 14:53:49 +01:00
Enums
Events Make proxy restart run as background job to prevent localhost lockout 2025-12-03 10:30:12 +01:00
Exceptions feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
Helpers fix(ssh): handle chmod failures gracefully and simplify key management 2026-03-16 21:27:10 +01:00
Http fix(github-webhook): handle unsupported event types gracefully 2026-03-23 21:33:40 +01:00
Jobs fix(deployment): properly escape shell arguments in nixpacks commands 2026-03-23 21:55:46 +01:00
Listeners fix(proxy): defer UI refresh until Traefik version check completes 2025-12-27 15:16:58 +01:00
Livewire fix(environment-variable): guard refresh against missing or stale variables 2026-03-23 10:52:59 +01:00
Models feat(storage): add storage endpoints and UUID support for databases and services 2026-03-23 15:15:02 +01:00
Notifications Fix: Allow test emails to be sent to any email address 2025-12-12 11:12:19 +01:00
Policies chore: prepare for PR 2026-02-25 11:18:46 +01:00
Providers Remove webhook maintenance mode replay feature 2025-12-02 13:36:32 +01:00
Repositories
Rules fix(server): handle limit edge case and IPv6 allowlist dedupe 2026-03-03 17:03:46 +01:00
Services refactor: remove verbose logging and use explicit exception types 2026-03-20 15:57:26 +01:00
Support Squashed commit from 'qqrq-r9h4-x6wp-authenticated-rce' 2026-03-18 13:53:01 +01:00
Traits refactor: remove verbose logging and use explicit exception types 2026-03-20 15:57:26 +01:00
View/Components feat: add availableSharedVariables method and enhance env-var-input component for better password handling 2025-11-27 10:23:46 +01:00